Commit 33ec26c8 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

pithos: Restrict block uploading

parent 92fd6010
......@@ -564,6 +564,13 @@ def container_update(request, v_account, v_container):
if (content_type
and content_type == 'application/octet-stream'
and content_length != 0):
try:
request.backend.can_write_container(request.user_uniq, v_account,
v_container)
except NotAllowedError:
raise faults.Forbidden('Not allowed')
for data in socket_read_iterator(request, content_length,
request.backend.block_size):
# TODO: Raise 408 (Request Timeout) if this takes too long.
......
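Review bot: The new `can_write_container` guard in `container_update` has no comment saying who is meant to pass it, although the tests added in this commit expect 403 even after an object in the container has been shared with `write=*`. A line such as `# Block upload is owner-only: object sharing (read or write) does not grant it.` above the `try` would stop a later maintainer from relaxing the check for write-shared users. The denial is also raised without any logging in the visible lines. If this module has a logger, recording the requesting user, account and container before `raise faults.Forbidden('Not allowed')` would make repeated cross-account upload attempts visible to operators. The body of `container_update` starts and continues outside the hunk.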
......@@ -943,6 +943,35 @@ class ContainerPost(PithosAPITest):
r = self.upload_object('c1', length=1)
def test_upload_blocks(self):
cname = self.create_container()[0]
url = join_urls(self.pithos_path, self.user, cname)
r = self.post(url, data=get_random_data())
self.assertEqual(r.status_code, 202)
url = join_urls(self.pithos_path, 'chuck', cname)
r = self.post(url, data=get_random_data())
self.assertEqual(r.status_code, 403)
# share object for read only
oname = self.upload_object(cname)[0]
url = join_urls(self.pithos_path, self.user, cname, oname)
self.post(url, content_type='', HTTP_CONTENT_RANGE='bytes */*',
HTTP_X_OBJECT_SHARING='read=*')
url = join_urls(self.pithos_path, 'chuck', cname)
r = self.post(url, data=get_random_data())
self.assertEqual(r.status_code, 403)
# share object for write only
oname = self.upload_object(cname)[0]
url = join_urls(self.pithos_path, self.user, cname, oname)
self.post(url, content_type='', HTTP_CONTENT_RANGE='bytes */*',
HTTP_X_OBJECT_SHARING='write=*')
url = join_urls(self.pithos_path, 'chuck', cname)
r = self.post(url, data=get_random_data())
self.assertEqual(r.status_code, 403)
class ContainerDelete(PithosAPITest):
def setUp(self):
......
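Review bot: The two sharing cases in `test_upload_blocks` do not appear to exercise the shared container. The object is shared under `self.user`/`cname`, but the following upload goes to `join_urls(self.pithos_path, 'chuck', cname)`, a path under a different account, so the 403 is expected whether or not sharing has any effect. To show that read or write sharing does not grant block upload, the request should target `join_urls(self.pithos_path, self.user, cname)` and be sent as the other user, using whatever requester argument the test client's `post` supports (not visible here). The two sharing `self.post(...)` calls also discard their responses. Asserting the status, for example `r = self.post(url, ...)` followed by `self.assertEqual(r.status_code, 202)` if that is what a metadata update returns, would prevent a failed share from making the later 403 pass vacuously.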
......@@ -1947,6 +1947,9 @@ class ModularBackend(BaseBackend):
if user != account:
raise NotAllowedError
def can_write_container(self, user, account, container):
return self._can_write_container(user, account, container)
@check_allowed_paths(action=0)
def _can_read_object(self, user, account, container, name):
if user == account:
......
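Review bot: `can_write_container` becomes part of the backend's public surface without a docstring stating its contract, and the view relies on it raising rather than on its return value. The context lines just above it (`if user != account: raise NotAllowedError`) look like the tail of `_can_write_container`, which suggests an owner-only check, but the start of that method is outside the hunk. A docstring such as `"""Raise NotAllowedError unless user may write to the container (owner only; sharing is not consulted)."""` would document that, with the parenthesis confirmed against the full private method. If `BaseBackend` declares the other public permission methods, declaring this one there too would keep alternative backends from missing the check.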